X.500 Distinguished Names
- commonName - common name of a person, e.g., "Susan Jones"
- organizationUnit - small organization (e.g, department or division) name, e.g., "Purchasing"
- organizationName - large organization name, e.g., "ABCSystems, Inc."
- localityName - locality (city) name, e.g., "Palo Alto"
- stateName - state or province name, e.g., "California"
- country - two-letter country code, e.g., "CH"
where all the italicized items represent actual values and the keywords are abbreviations for the following:
CN=cName, OU=orgUnit, O=org, L=city, S=state, C=countryCode
CN=commonName OU=organizationUnit O=organizationName L=localityName S=stateName C=country
and a sample command using such a string is
CN=Mark Smith, ou=Tivoli, o=IBM, L=Austin, S=Texas, C=US
keytool -genkeypair -dname "CN=Mark Smith, ou=Tivoli, o=IBM, L=Austin, S=Texas, C=US" -alias mark
Case does not matter for the keyword abbreviations. For example, "CN", "cn", and "Cn" are all treated the same.
CN=Steve Meier, OU=Tivoli, o=IBM, C=US
cn=peter schuster, ou=Tivoli, o=IBM\, Inc., c=us
It is never necessary to specify a distinguished name string on a command line. If it is needed for a command, but not supplied on the command line, the user is prompted for each of the subcomponents. In this case, a comma does not need to be escaped by a "\".